On Fri, Sep 30, 2016 at 09:46:35AM -0500, Chris Bennett wrote:
> On Fri, Sep 30, 2016 at 04:19:58PM +0200, Stefan Sperling wrote:
> > On Fri, Sep 30, 2016 at 09:13:43AM -0500, Chris Bennett wrote:
> > > Can I redirect to the same server?
> >
> > I don't see why that shouldn't work.
> >
> > Put yo
On Fri, Sep 30, 2016 at 04:19:58PM +0200, Stefan Sperling wrote:
> On Fri, Sep 30, 2016 at 09:13:43AM -0500, Chris Bennett wrote:
> > Can I redirect to the same server?
>
> I don't see why that shouldn't work.
>
> Put your actual web service on some port on 127.0.0.1 and have
> relayd send the fi
On Fri, Sep 30, 2016 at 09:13:43AM -0500, Chris Bennett wrote:
> Can I redirect to the same server?
I don't see why that shouldn't work.
Put your actual web service on some port on 127.0.0.1 and have
relayd send the filtered traffic there.
On Fri, Sep 30, 2016 at 03:00:17PM +0200, Stefan Sperling wrote:
> Have you already considered running relayd(8) in front of your
> web service to filter out malicious requests?
>
> See the FILTER RULES section in relayd.conf(5).
>
No, I hadn't.
Can I redirect to the same server?
If so, I like w
On Wed, Sep 28, 2016 at 12:20:38PM -0500, Chris Bennett wrote:
> I am not sure what is appropriate, given netiqette and practicality for
> my server. I am sick of thousands of identical requests in my error log,
> plus I want to be able to look over my logs easily to find any real
> problems.
>
>
On 29 September 2016 at 03:20, Chris Bennett <
chrisbenn...@bennettconstruction.us> wrote:
> I am not sure what is appropriate, given netiqette and practicality for
> my server. I am sick of thousands of identical requests in my error log,
> plus I want to be able to look over my logs easily to fin
On Fri, Sep 30, 2016 at 01:26:30AM +, Alceu R. de Freitas Jr. wrote:
> I may be a little bit late... but isn't this something already handled by
> mod_security?
>
>
mod_security is no longer in the ports tree
Chris
I may be a little bit late... but isn't this something already handled by
mod_security?
De: Murk Fletcher
Para: Daniel Ouellet
Cc: misc@openbsd.org
Enviadas: Quinta-feira, 29 de Setembro de 2016 20:57
Assunto: Re: Looking for a way to deal with unwanted HTTP requests
rack-attack itself is very small, and its configuration is minimal. Use it
if you have a Ruby-based web app and want to add that extra layer of
protection to it that pf can't provide.
On Fri, Sep 30, 2016 at 1:30 AM, Daniel Ouellet wrote:
> On 9/29/16 7:20 PM, Murk Fletcher wrote:
> > There's Ki
On 9/29/16 7:20 PM, Murk Fletcher wrote:
> There's Kickstarter's Rack::Attack if you're willing to "upgrade" to ie.
> Ruby on Rails:
>
> https://github.com/kickstarter/rack-attack
>
> I find this quite nice along with those pf bruteforce tables mentioned
> earlier.
Sure I guess you can, but pers
There's Kickstarter's Rack::Attack if you're willing to "upgrade" to ie.
Ruby on Rails:
https://github.com/kickstarter/rack-attack
I find this quite nice along with those pf bruteforce tables mentioned
earlier.
Murk
On Fri, Sep 30, 2016 at 12:54 AM, Daniel Ouellet
wrote:
> > I don't think bru
> I don't think bruteforce will be helpful in my case. I do occasionally
> get bruteforce attacks, but not very often.
> What I usually get are identical attacks of a certain set of variations
> of URLs from one IP address. A little later the same thing from another
> IP, then another, etc.
>
> One
On Sep 28, 2016, at 10:04 PM, Chris Bennett
wrote:
>
> I don't think bruteforce will be helpful in my case. I do occasionally
> get bruteforce attacks, but not very often.
> What I usually get are identical attacks of a certain set of variations
> of URLs from one IP address. A little later the sa
On 2016-09-28, Chris Bennett wrote:
> I am not sure what is appropriate, given netiqette and practicality for
> my server. I am sick of thousands of identical requests in my error log,
> plus I want to be able to look over my logs easily to find any real
> problems.
If it's just about the logs, c
At the risk of sounding last decade…
Sourcing a scanner that attempts to illustrates the goals of an attacker could
make for a worthwhile project.
As an aside a postfix version really ought to exist with it’s myriad of
status codes.
Regards
Patrick
> On Sep 28, 2016, at 9:04 PM, Chris Bennett
On Wed, Sep 28, 2016 at 08:54:14PM -0400, trondd wrote:
> On Wed, September 28, 2016 1:20 pm, Chris Bennett wrote:
> >
> > Right now I am using a simple script from the error log to block
> > permanently any requests from that IP using OpenBSD pf.
> >
> > That simply doesn't work well enough anymor
On Wed, September 28, 2016 1:20 pm, Chris Bennett wrote:
>
> Right now I am using a simple script from the error log to block
> permanently any requests from that IP using OpenBSD pf.
>
> That simply doesn't work well enough anymore due to the time lag between
> 20+ requests at once getting to the
In my opinion, the appropriate thing to do here is drop the connection
(so most clients would time out) for bad requests, along with a short
term ip "block" for stuff that becomes real problems. Not a true
block, though, but instead a fixed content "your address is being used
as a part of a hostile
I am not sure what is appropriate, given netiqette and practicality for
my server. I am sick of thousands of identical requests in my error log,
plus I want to be able to look over my logs easily to find any real
problems.
Below is a copy of the question I sent to modp...@perl.apache.org
So far th
19 matches
Mail list logo
